Strapi /auth/local api throws 500 error for wrong password or email not confirmed

System Information
  • Strapi Version: 4.11.4
  • Operating System: Windows 11
  • Database: Postgress
  • Node Version: 14.19.1
  • NPM Version: 6.14.16
  • Yarn Version:

I am having an issue when I try to log in with the wrong password or not confirmed account or blocked account I am getting 500 error as an internal server error instead of a message in response. but I can see an error on strapi console please can anyone give me fix for it i alos updated strapi version but still same old version strapi was 4.7.0

I have the same problem. Started with version 4.11.1.
Updating strapi to version 4.12.7 - did not help

Same issue.

Let me give it a try and see if I can reproduce the issue.

Just tested in the latest version, both cases work and get appropriate messages.

I get the correct errors.When using wrong password I get:

{
	"data": null,
	"error": {
		"status": 400,
		"name": "ValidationError",
		"message": "Invalid identifier or password",
		"details": {}
	}
}

When ‘blocked’ I get this error:

{
	"data": null,
	"error": {
		"status": 400,
		"name": "ApplicationError",
		"message": "Your account has been blocked by an administrator",
		"details": {}
	}
}
1 Like

Hello @Paul_Brats.
I experience the same issue as other reporters. I see that the user-permissions-plugin throws an error when username or password is incorrect - https://github.com/strapi/strapi/blob/main/packages/plugins/users-permissions/server/controllers/auth.js#L70
As far as I can see it is not caught anywhere, therefore Strapi return 500 error.
How it should be handled to build a correct response? Should I patch the plugin to change the behaviour?

1 Like

Hi, any news on this?

Hi. The issue is cause by mismatch between different parts of strapi code in earlier versions. Update to 4.15.5 helped to solve it.

Hi, I still have the 500 error if the password is wrong after updating to 4.16.2

{
“data”: null,
“error”: {
“status”: 500,
“name”: “InternalServerError”,
“message”: “Internal Server Error”
}
}

Me too! I get the Internal Server Error when ever credentials are wrong, at that time, it prints correct errors in the server console/terminal.

When passed correct credentials it just works.

But for wrong credentials, it should have sent error that should state what exactly is wrong with credentials.

My Strapi version is 4.16.2.
I have not added Redis yet.
I am using PostgreSQL.

1 Like

Check the version of strapi/user-permissions package - make sure that it is 4.16.2

This worked for me

I figured it out.

Check the version of strapi/user-permissions package - make sure that it is 4.16.2

This worked for me.

making sure all strapi related dependency packages have same version number .

find the latest stable version number of strapi from npm. update all the @strapi related package to the same version in package.json .
remove package-lock json
remove cache,build files
run npm install
start the backend again with npm run develop.

this solved the issue for me